Eroding Trust: How New Smart TV Lacks Privacy by Design and Transparency

A year ago I got a new Samsung DVD player for Christmas. It’s a lovely device that I use most every day—mostly for streaming video from Netflix and Amazon. I apparently can also make Skype calls from it, though I haven’t tried — I’m told there are hundreds of other applications out there, so I’m probably underutilizing the device. But I’ve recently wondered—does Samsung log what I do on the player? Does it send information about my viewing back to Samsung? I . . . I guess I have no idea.

Last week, UK blogger Doctorbeet revealed that his LG Smart TV was reporting back to LG every time he changed the channel. It was also scanning all shared files on his home network and sending a running tally of those back to LG as well. The company allegedly offered an opt-out of “Collection of watching info” in its options menu, but apparently toggling the opt-out didn’t actually do anything. Oh, and all the data was unencrypted, so someone else with access to the network could see the information in the clear. Not the sort of story you want to come out just before Black Friday.

LG initially dismissed the concerns with a curt response to Doctorbeet saying, “you accepted the Terms and Conditions on your TV.” But once the story started to get mainstream attention, the company backtracked and said they were looking into the situation. Earlier this week, they announced they were going to fix the problem: After the next firmware update, the opt-out for the collection of TV watching data will work, and LG will turn off the collection of shared file names altogether.

Is an opt-out enough?

That’s a start, but LG shouldn’t stop there. First of all, should home appliances be monitoring consumers and reporting everything back to manufacturers by default? Certainly, other interconnected devices don’t do this today. Your computer doesn’t report back to Lenovo or HP everything that you do. Your phone doesn’t report everything back to Motorola or Apple. When I buy a TV, I’m not typically looking for a relationship with LG or Samsung: I may appreciate additional “smart” capabilities like connecting to Skype or the web, but my TV is a platform for me to access others’ content—it’s not a destination in itself.

Last year, the U.S. Federal Trade Commission (FTC) held a workshop on comprehensive monitoring by intermediaries like ISPs, devices, browsers, operating systems and, sure, TVs. As the CDT noted in our comments after the workshop, this sort of monitoring is particularly invasive. First, it’s comprehensive—it monitors how consumers use all the various services accessed through that intermediary (such as websites, apps or here, TV channels). Second, it’s out of context—you’re trying to connect with other services, not the platform itself. Consumers expect the intermediary to act as a pass-through on their behalf (especially when they’ve paid for it!), not as a man-in-the-middle that monitors all that you do.

We’ve argued for years that intermediaries and platforms should only monitor their customers on affirmative opt-in basis absent a compelling operational necessity (no, showing behavioral ads doesn’t count). We think that should be the case for Smart TVs as well. The FTC has previously said that this sort of comprehensive monitoring without informed choice is illegal; LG is treading in dangerous legal territory if it’s engaging in similar practices. Hopefully their privacy team, assuming they have one, is voicing such a concern. Are they not being heard? If not, this might not bode well for the company.

Can we even tell what LG’s data practices are?

If LG wants to make a pitch to consumers about how it can use their data to offer better services, I say: Go for it! Google, for example, does this for Chrome—it tries to convince Chrome users to sign in to sync bookmarks and settings across devices. But that’s not what’s happening here.

In fact, it’s really hard to tell exactly what LG is doing. We only know about the data collection in the first place because a blogger decided to watch the traffic going out of his home router. LG updated their privacy policy with a brief response to the controversy, but the explanation is utterly cryptic. First, LG bluntly states that viewing history is not personal information. This seems to rely on an outdated concept of personal information—if the company is logging viewing information by device ID or IP address, which could later be tied back to a particular household, most people—and regulators—would recognize that as personal information.

The company also variously says that it collects information “to deliver more relevant advertisements” but also that “LG does not, or has ever, engaged in targeted advertisement using information collected from LG Smart TV owners” [sic]. I’m not sure how to parse that. Perhaps the company isn’t logging IP or device address at all and is just aggregating usage numbers on the fly; they then serve targeted advertisements based on generalized data about how people are using their TVs. That might be perfectly defensible from a privacy point of view. If the channel viewing is immediately de-identified or aggregated, perhaps the data collection by default—or even without choice at all—is OK. On the other hand, perhaps the company is logging everything by unique household—including TV watching, web browsing and other TV app usage—and storing it forever, in the hope that Big Data will happen.

Right now, we have no idea, and that’s a big problem.

The increasing prevalence of interconnected, smart devices—the Internet of Things—certainly presents challenges for how to contextually let users know how they’re being monitored and by whom. But even setting aside the question of how to provide actionable—and not just annoying—real-time notice, consumers absolutely must be able to find this information somewhere. I’ve spent much of the last several days trying to figure out what LG Smart TVs collect and transmit to LG, and I still have no clear idea. (LG has not responded to multiple requests for more information.) Even aside from LG’s confusing response to the Smart TV allegations, its privacy policy language is vague and inscrutable, and simply reserves broad rights over what it deems to be non-personal information. (I checked Samsung’s as well to compare—I would guess from this language that they’re not monitoring Smart TV—or DVD player—usage, but I’m not sure.) LG previously hosted a promotional video for a new “Smart Ads” product that promised the ability to link LG Smart TV data to data from LG phones and even LG refrigerators as well (the video has been pulled from the site but it’s been saved for posterity here).

Is LG doing any of these things today? Or have they stopped collecting data entirely in response to the controversy? Since I started writing this blog post, the privacy policy has been revised again and now makes no mention of the Smart TV data collection. Is it different in the U.S., the UK or the rest of Europe? I honestly can’t tell you.

And now, LG has a pretty big PR issue on their hands that could have been avoided if privacy had been designed into the TV from the start. Transparency from the beginning would certainly help engender trust, too. Instead, the company is on the defensive, issuing contradictory statements every couple of days, and desperately hoping the issue just goes away. LG would have been better served with an affirmative privacy strategy developed by privacy professionals—instead of an inchoate data play optimistically pushed by marketers. And even if it did make bad decisions in the past, the company should acknowledge the full extent of the issues to preserve trust, while taking steps to address all the consumer privacy issues I’ve mentioned above. Preferably in time for Black Friday!

Privacy in an interconnected home

The Supreme Court has repeatedly held that people have heightened privacy interests in what happens within their home—even over information that is technologically observable by others. We have “Peeping Tom” laws for the same reason—just because someone has a means to watch what you’re doing in the home doesn’t mean they should. Smart devices have the potential to do amazing things for consumers—smart, automated cars cannot get here fast enough—but it’s paternalistic to assert that those smart devices must be allowed to secretly surveil consumers without understanding them or contrary to their wishes.

Good security and internal accountability are necessary—but not sufficient. Consumers are the ones who pay for the products—they should be the ones in control. Unfortunately, today, we rarely even have access to the necessary information in order to make rational decisions. That needs to change.

Written By

Justin Brookman

3 Comments

Mr Paul • Dec 5, 2013

Your links to the LGTV privacy policy are for its website policy, which is explicitly not relevant to the TVs. Or is it? The document is self-contradictory about what it applies to!
The first line states:
"This privacy policy applies only to the websites and services controlled by LG Electronics USA Inc..."
But then, under section A, it states:
"This privacy policy applies only to information collected on the Sites and does not apply to information collected by LGEUS through any other means."

Well said, Justin, but let me expand on LG getting all the bad press when it comes to spying, please.
Samsung TVs are even worse than LG when it comes to spying and I did try to put the word out using Twitter, but it now seems that Twitter takes bribes to silence people and most of the tweets never got out, as can be seen if you open a second Twitter account and check.
Samsung is a few steps ahead of LG when it comes to spying and the way that I captured the data was to hijack the DNS server to force my Samsung TV to use a proxy server.
As soon as you switch a Samsung TV on it connects with Korea and uploads the TV's unique MAC address and then connects to Google, Twitter plus others and sends them a user-agent in the HTTP Request so that they know that a Samsung TV is connecting to them and they also know your IP address.
All Google, Facebook need to do now is contact Samsung with the IP and Samsung can give them your name, address and anything else they know about you because they guarantee the TV and have your details.
This all happens within a second of you switching your TV on and with no apps running.
It gets worse and Samsung uses SSL to upload information but they don't use the usual HTTPS CONNECT but instead open a connection and listen for a reply without using the usual handshake.
These TVs also scan your network using various protocols like SDDP:1900 to access drives and machines plus an odd one using port 7676.
No wonder Samsung did not build the option of using a proxy server into these TVs because that would make it too easy to spot that Samsung is doing evil.
What's strange is that when you do a Google for "TV spying on people" all that Google brings up is links about LG TVs as if no one in the world knows about Samsung, so maybe good PR is the price Google pays Samsung for having these TVs connect to Google and in return Samsung gives them your details free of charge.
I could go on but the post would end up being bigger than the blog.
Best Regards
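
The traffic inspection described in the post and in the comment above can be repeated on a capture taken from your own network. The following is an added example, not code from the post or its commenters: it checks logged cleartext HTTP requests for the device's MAC address and for the names of files on local shares. The capture, host names, field names and MAC address are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: cleartext requests as a home proxy might log them.
# Hosts, paths and field names are placeholders, not real vendor endpoints.
CAPTURE = [
    b"POST /log/channel HTTP/1.1\r\nHost: stats.tv-vendor.example\r\n"
    b"User-Agent: SmartTV/1.0\r\n\r\nunique_id=00%3A11%3A22%3AAA%3ABB%3ACC&channel=BBC+One",
    b"POST /log/media HTTP/1.1\r\nHost: stats.tv-vendor.example\r\n\r\n"
    b"id=001122aabbcc&file=Family_Holiday_2013.avi",
    b"GET /epg?region=uk HTTP/1.1\r\nHost: guide.tv-vendor.example\r\n\r\n",
]

def mac_variants(mac):
    """Return the lower-case spellings a MAC commonly takes on the wire."""
    hexed = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(hexed) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    pairs = [hexed[i:i + 2] for i in range(0, 12, 2)]
    return {hexed, ":".join(pairs), "-".join(pairs)}

def audit(capture, device_mac, shared_files=()):
    """Flag cleartext requests carrying the device MAC or local file names."""
    findings = []
    macs = mac_variants(device_mac)
    for raw in capture:
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), "?")
        # URL-decode so percent-encoded identifiers are still matched.
        text = unquote_plus(lines[0] + " " + body.decode("latin-1")).lower()
        reasons = []
        if any(m in text for m in macs):
            reasons.append("device MAC")
        reasons += ["file name: " + f for f in shared_files if f.lower() in text]
        if reasons:
            findings.append((host, lines[0].split(" ")[1], reasons))
    return findings

if __name__ == "__main__":
    for host, path, why in audit(CAPTURE, "00:11:22:AA:BB:CC",
                                 ["Family_Holiday_2013.avi"]):
        print(host, path, "->", ", ".join(why))
```

Running it on captures taken before and after toggling a device's data-collection opt-out shows whether the setting changes what is sent: identical findings mean it has no effect.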
